This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CCXP7MmdTA9QLSrWq3Cz4sx4vAI.roa
File:                     CCXP7MmdTA9QLSrWq3Cz4sx4vAI.roa (raw, json)
Hash identifier:          k1S5U8aP2Lcg0vJA7e00/iDbRBQ5i+JFuP0Fbr3wXQU=
Subject key identifier:   08:25:CF:EC:C9:9D:4C:0F:50:2D:2A:D6:AB:70:B3:E2:CC:78:BC:02
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019B7F14528ADC418977ECB464A8C33055A1
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CCXP7MmdTA9QLSrWq3Cz4sx4vAI.roa
Signing time:             Fri 02 Jan 2026 14:19:56 +0000
ROA not before:           Fri 02 Jan 2026 14:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62005
IP address blocks:        193.233.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:52:8a:dc:41:89:77:ec:b4:64:a8:c3:30:55:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 14:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0825cfecc99d4c0f502d2ad6ab70b3e2cc78bc02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:50:86:92:c2:78:cf:eb:94:9e:04:d5:e2:67:
                    02:c6:19:a1:fc:75:bc:fe:fc:2e:03:a3:39:e1:c9:
                    b0:df:50:14:c7:8e:fc:9c:d5:a8:8e:64:6c:1f:13:
                    d2:12:07:49:51:bd:19:78:7e:22:24:13:8e:61:ff:
                    e0:08:3d:be:d8:8f:e9:3f:58:85:41:90:43:27:f2:
                    46:61:da:91:af:dd:6d:97:c1:08:b6:f2:93:c1:19:
                    40:fd:d4:e9:b9:93:16:6e:12:04:22:82:e0:62:21:
                    38:72:e1:be:90:5e:bd:13:1b:b2:45:a5:59:39:d5:
                    ba:93:91:dd:14:dd:2d:b7:5e:7d:54:4c:72:3c:28:
                    00:81:1a:c3:f9:f0:dd:75:04:d3:02:91:9b:dc:52:
                    cd:a7:b0:96:8f:2a:fb:8e:7c:9d:d3:2a:c1:3d:e1:
                    16:7f:70:eb:94:e7:17:59:b9:ad:7f:48:ed:a8:7c:
                    7d:a9:79:1a:7d:19:bb:18:32:05:5d:f7:8d:b8:57:
                    1c:d7:89:36:7d:4a:02:fc:9d:94:3e:dc:c8:e4:4f:
                    0c:5e:b2:42:af:00:95:d3:08:d0:4d:9d:36:22:be:
                    3a:34:bd:2c:0c:02:25:61:7c:7e:e3:5f:b9:4b:f5:
                    67:5e:a5:0d:05:2e:0c:a0:02:67:7b:8d:a4:95:09:
                    95:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:25:CF:EC:C9:9D:4C:0F:50:2D:2A:D6:AB:70:B3:E2:CC:78:BC:02
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CCXP7MmdTA9QLSrWq3Cz4sx4vAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:a5:ad:44:21:3c:79:84:f4:cc:93:c5:7d:37:02:4e:3c:9d:
         82:f3:62:2a:85:cb:e9:1c:c9:3b:8d:60:ab:9a:78:4f:7a:1c:
         c9:ef:a2:15:1e:70:2a:48:60:c1:5e:33:aa:0c:76:d6:9b:cc:
         51:b1:59:ef:c7:b4:ea:bc:61:7d:74:90:74:11:b1:17:5f:df:
         61:88:28:85:bf:ee:d8:b9:7a:33:dd:c6:3b:57:8e:10:d5:f3:
         66:4a:f1:78:32:84:28:ca:6e:74:8a:8e:e9:bc:a4:c7:72:10:
         8b:25:16:4b:78:36:c4:2a:eb:b0:71:e0:07:18:90:0a:30:99:
         ca:14:e5:cd:e6:56:72:07:86:58:49:57:ef:03:c9:39:b6:38:
         9a:a1:08:19:66:10:45:3c:db:0f:7f:5c:f6:25:a7:ea:4b:85:
         1f:f7:5a:11:e9:12:25:81:4c:7d:65:5a:da:1f:fe:7a:7e:31:
         78:f9:5a:2f:7a:ba:80:27:23:ea:97:68:69:0d:46:e5:18:5a:
         64:ca:23:07:a6:cd:62:b2:e5:13:da:75:17:32:a6:91:2c:e5:
         24:9d:c9:0b:b4:9e:ee:3d:65:f2:0b:36:d7:19:88:32:be:c1:
         d7:ed:31:72:de:d5:00:87:5d:83:c0:1d:b3:f8:53:79:fd:30:
         f4:02:1d:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FFKK3EGJd+y0ZKjDMFWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjYwMTAyMTQxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODI1Y2ZlY2M5OWQ0YzBmNTAyZDJhZDZhYjcwYjNlMmNjNzhiYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11CGksJ4z+uUngTV4mcCxhmh/HW8
/vwuA6M54cmw31AUx478nNWojmRsHxPSEgdJUb0ZeH4iJBOOYf/gCD2+2I/pP1iF
QZBDJ/JGYdqRr91tl8EItvKTwRlA/dTpuZMWbhIEIoLgYiE4cuG+kF69ExuyRaVZ
OdW6k5HdFN0tt159VExyPCgAgRrD+fDddQTTApGb3FLNp7CWjyr7jnyd0yrBPeEW
f3DrlOcXWbmtf0jtqHx9qXkafRm7GDIFXfeNuFcc14k2fUoC/J2UPtzI5E8MXrJC
rwCV0wjQTZ02Ir46NL0sDAIlYXx+41+5S/VnXqUNBS4MoAJne42klQmVEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAglz+zJnUwPUC0q1qtws+LMeLwCMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvQ0NYUDdNbWRUQTlRTFNyV3EzQ3o0c3g0dkFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwenJMA0G
CSqGSIb3DQEBCwUAA4IBAQBzpa1EITx5hPTMk8V9NwJOPJ2C82IqhcvpHMk7jWCr
mnhPehzJ76IVHnAqSGDBXjOqDHbWm8xRsVnvx7TqvGF9dJB0EbEXX99hiCiFv+7Y
uXoz3cY7V44Q1fNmSvF4MoQoym50io7pvKTHchCLJRZLeDbEKuuwceAHGJAKMJnK
FOXN5lZyB4ZYSVfvA8k5tjiaoQgZZhBFPNsPf1z2JafqS4Uf91oR6RIlgUx9ZVra
H/56fjF4+VoverqAJyPql2hpDUblGFpkyiMHps1isuUT2nUXMqaRLOUknckLtJ7u
PWXyCzbXGYgyvsHX7TFy3tUAh12DwB2z+FN5/TD0Ah1G
-----END CERTIFICATE-----
Generated at Tue Jan 20 11:09:53 2026 by rpki-client